From ae9d64e544b516fcd33c2937b8bccb6f9aec4324 Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Tue, 1 Sep 2020 19:45:29 +0100
Subject: [PATCH] LibJS: Let set_array_like_size() switch to generic storage if necessary

This is already considered in put()/insert()/append_all() but not set_array_like_size(), which crashed the interpreter with an assertion when creating an array with more than SPARSE_ARRAY_THRESHOLD (200) initial elements as the simple storage was being resized beyond its limit.

Fixes #3382.
---
 Libraries/LibJS/Runtime/IndexedProperties.cpp | 7 +++++++
 Libraries/LibJS/Runtime/IndexedProperties.h | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibJS/Runtime/IndexedProperties.cpp b/Libraries/LibJS/Runtime/IndexedProperties.cpp
index 3ef6f16166..c46984a8aa 100644
--- a/Libraries/LibJS/Runtime/IndexedProperties.cpp
+++ b/Libraries/LibJS/Runtime/IndexedProperties.cpp
@@ -346,6 +346,13 @@ void IndexedProperties::append_all(Object* this_object, const IndexedProperties&
     }
 }
 
+void IndexedProperties::set_array_like_size(size_t new_size)
+{
+    if (m_storage->is_simple_storage() && new_size > SPARSE_ARRAY_THRESHOLD)
+        switch_to_generic_storage();
+    m_storage->set_array_like_size(new_size);
+}
+
 Vector IndexedProperties::values_unordered() const
 {
     if (m_storage->is_simple_storage()) {
diff --git a/Libraries/LibJS/Runtime/IndexedProperties.h b/Libraries/LibJS/Runtime/IndexedProperties.h
index 916a7747c2..d95f0d83a7 100644
--- a/Libraries/LibJS/Runtime/IndexedProperties.h
+++ b/Libraries/LibJS/Runtime/IndexedProperties.h
@@ -162,7 +162,7 @@ public:
     size_t size() const { return m_storage->size(); }
     bool is_empty() const { return size() == 0; }
     size_t array_like_size() const { return m_storage->array_like_size(); }
-    void set_array_like_size(size_t new_size) { m_storage->set_array_like_size(new_size); };
+    void set_array_like_size(size_t);
 
     Vector values_unordered() const;
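Review bot: The new set_array_like_size() in the IndexedProperties.cpp hunk fixes a script-reachable assertion (per the message, any array created with more than 200 initial elements aborted the interpreter), yet the diffstat shows only the two source files and no regression test; a LibJS test covering both `new Array(SPARSE_ARRAY_THRESHOLD + 1)` and assigning `length` past the threshold on an array that is still in simple storage would keep this from regressing, since the latter path is presumably the other way this function is reached. The threshold decision is now written in four places (put()/insert()/append_all() per the message, plus this function), so a private helper such as `ensure_storage_for(size_t index_or_size)` that performs the `is_simple_storage() && > SPARSE_ARRAY_THRESHOLD` check and the switch would keep the four from drifting, particularly on the `>` versus `>=` boundary. The function also deserves a one-line why-comment above the `if`, e.g. `// Simple storage cannot be resized past SPARSE_ARRAY_THRESHOLD; switch to generic storage first (see put()/insert()).`, so the next reader knows the switch is a precondition of the call below rather than an optimisation. Whether generic storage itself handles a very large new_size (e.g. a length near 2^32-1) without allocating proportionally is not visible in this hunk and should be confirmed separately.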